[ntp:hackers] SNTP clients in routers

Michael.Wouters at csiro.au Michael.Wouters at csiro.au
Thu Jun 26 18:16:50 PDT 2003



Dear David,

Exactly the same thing happened to us.
I said something about this earlier in the year,
when we pulled our servers from the public list.

A US company hard-coded the addresses of 3 of
our public NTP servers into their el-cheapo
router/NAT box. No DNS as well. 
Normally the boxes poll once per 2 hours but when
they don't get a reply, they poll every 30 seconds.
A large number of the routers poll every 30 seconds
because if you select "Firewall" in the router setup
the router blocks replies to its own NTP requests. There
was no way to configure the embedded SNTP client. The
carelessness of it all is staggering.

Does this sound familiar at all ?

After phone calls to the company, and e-mails they
finally responded and after a few months, updated
their firmware, STILL with a list of hard-coded IPs.

At the moment, most of the traffic (20 000 pkts/s )
(Yes, the number of zeroes is correct!) 
is being dumped in the US at routers operated by the 
major Australian network operators. So we've pushed
the problem closer to the origin. But that traffic 
is going to be there for a long time.

Commiserations
Michael Wouters.

 -------------------------------------------
 Dr Michael Wouters
 Time and Frequency Section
 National Measurement Laboratory
 CSIRO Division of Telecommunications and Industrial Physics

 PO Box 218, Lindfield NSW 2070
 Sydney Australia

 (street address: Bradfield Rd, Lindfield NSW 2070)

 Ph  61 2 9413 7268
 Fax 61 2 9413 7202
-------------------------------------------- 




More information about the hackers mailing list